Privacy Policy
Last updated: April 20, 2026
1. Introduction
This Privacy Policy describes how Galgomedia LLC (“StoryKid”, “we”, “us”) collects, uses, and protects your personal information when you use storykid.ai and related services.
We take privacy seriously, especially because our service involves creating content for children. We comply with applicable laws including the Children’s Online Privacy Protection Act (COPPA) in the United States and the General Data Protection Regulation (GDPR) in the United Kingdom and European Economic Area.
If you have any questions, contact us at hello@storykid.ai.
2. Information We Collect
Account information
When you create an account we collect your name, email address, and password. If you sign in with Google, we receive your name and email from Google.
Child information (provided by the parent/guardian)
To create a personalized book you provide information about the child: first name, age, pronouns, personality traits, interests, occasion, and story preferences. Depending on your tier you may also upload photos of the child and supporting characters.
All child information is provided by a parent or guardian, not by the child directly. We do not knowingly collect information directly from children under 13.
Voice samples (audiobook add-on)
If you opt in to the audiobook add-on you may upload a short voice recording. The sample is sent to our voice-synthesis partner to clone a voice for the narration, then stored so the same voice can be reused on sequels and reprints. You can delete voice samples from Account → Voice Sample at any time.
Sharing your audiobook
Every printed book ships with a QR code on the “Listen to the audiobook” page. Scanning it opens a unique /listen/… link on StoryKid. If the book has an audiobook, the person who scans can listen in-browser — no sign-in, no download. If it doesn’t yet, the page shows an “Add an audiobook” prompt that only the account owner can act on.
Who can access the link. Anyone who has the printed book or the link itself. Treat the link the way you’d treat the physical book — share it with family, not on public social media. If the link leaks, you can revoke or regenerate it at any time from My Orders; the old link stops working immediately.
Optional passcode. You can set a 4–8 digit passcode from your order page. When set, the link asks for the passcode before playing. Passcodes are hashed (scrypt) before storage and verification attempts are rate-limited.
Search engines. /listen/… pages are noindex, nofollow and disallowed in robots.txt. We never post page previews that include the child’s name or cover illustration to chat apps or social platforms — link previews show a generic “A StoryKid audiobook” card so the child’s identity stays out of auto-generated thumbnails.
What we log. For each share link we keep a count of total plays and the most-recent play timestamp, visible to you on the order page so you can spot unexpected activity. We do not log the listener’s identity, IP, or location on that surface.
Payment information
Payment is processed by Stripe. We do not store your full credit card number, CVV, or bank details. We receive a confirmation of payment and a truncated card reference for your order history.
Usage and device data
When you visit StoryKid we collect standard technical information: IP address, browser, device type, operating system, referring page, and approximate country. If you grant analytics consent we also collect pages visited, time on page, and actions taken on the site (sign up, add to cart, purchase, etc.).
Support interactions
If you contact support we retain the contents of your messages, any attachments you send, and the email you provide so we can reply.
3. How We Use Your Information
We use the information we collect to:
- Generate your personalized story and illustrations
- Produce and deliver your book (digital download and/or printed shipment)
- Generate audiobook narration if you purchase the add-on
- Process payments, invoices, refunds, and gift voucher redemptions
- Send transactional emails about your order and account (receipts, shipping updates, support replies)
- Provide customer support and handle complaints
- Measure how visitors use our website and the effectiveness of our advertising (analytics + conversion tracking — only with your consent where required by law)
- Prevent fraud, abuse, and unauthorized access
- Comply with legal obligations
We do not sell your personal information. We do not use children’s information for advertising or behavioural targeting.
4. Legal Bases for Processing (UK/EEA users)
Where GDPR applies, we rely on the following legal bases:
- Contract — to create and deliver the book you ordered.
- Consent — for analytics, advertising, and marketing emails. You can withdraw consent at any time without affecting services already provided.
- Legitimate interests — to keep the service secure, prevent fraud, and improve product quality.
- Legal obligation — for tax and accounting record-keeping.
5. Third-Party Service Providers
We share the minimum information necessary with trusted processors acting on our instructions.
- Anthropic (Claude) — receives story parameters (child’s first name, age, interests, traits) to generate the story text. Under our agreement, inputs are not retained for model training. Anthropic privacy policy.
- Replicate (FLUX.2) — receives illustration prompts and a synthetic character reference image (generated from text; not the child’s uploaded photo) to produce the artwork. Replicate privacy policy.
- ElevenLabs — receives the voice sample you upload (if any) and the story text to generate the audiobook. ElevenLabs privacy policy.
- Lulu Direct — receives the book PDF, recipient name, and shipping address for printing and fulfilment of physical orders. Lulu privacy policy.
- Stripe — processes payments securely. Stripe privacy policy.
- Resend — delivers transactional emails. Resend privacy policy.
- Supabase — hosts our database, authentication, and file storage. Supabase privacy policy.
- Vercel — hosts the website and runs our server functions. Vercel privacy policy.
6. Analytics & Advertising Partners
With your consent (required in the UK/EEA; implicit elsewhere with an opt-out), we use the following tools to measure website traffic and ad performance. None of these tools receive children’s personal information.
- Google Analytics 4 — page views and aggregate funnel metrics. Google may set cookies to recognise returning visitors. Google privacy policy.
- Google Ads — if you arrive from a Google Ads campaign, we record which conversion your purchase belongs to. Google Ads policy.
- Meta Pixel + Conversions API — used with Facebook and Instagram Ads campaigns to measure which clicks led to signups and purchases. We send a SHA-256 hashed email and order total (no child information) to Meta for matching. Meta privacy policy.
- TikTok Pixel + Events API — used with TikTok Ads campaigns for the same purpose. We send a SHA-256 hashed email and order total (no child information) to TikTok for matching. TikTok privacy policy.
You can change your analytics and advertising consent at any time by clearing your browser’s cookies for storykid.ai or by contacting us.
7. Children's Privacy (COPPA)
StoryKid is designed for use by parents, guardians, or gift-givers — not by children directly.
- You must be at least 18 years old to purchase, or have the consent of a parent or legal guardian.
- All information about the child (name, age, interests, photos, voice) is provided by the purchasing adult, who consents on the child’s behalf.
- We do not use children’s information for advertising, profiling, behavioural targeting, or any purpose other than generating, producing, and delivering the book you ordered.
- We do not share children’s information with advertising networks or analytics providers.
- Parents may review, correct, or delete the child’s information at any time by signing into their account or emailing us.
Books in your library are private to your account by default. You can choose to display a completed book on our public homepage gallery (“Public gallery” toggle on the library card). That toggle is off unless you explicitly enable it. When enabled, the book title, child’s first name, age, and cover illustration are shown publicly. You may turn it off at any time.
8. Data Retention
We retain your account, orders, and generated content for as long as your account exists so you can re-download your books and order reprints.
- Account + orders: until you delete your account.
- Uploaded photos (child + supporting characters): kept for the life of the order so we can regenerate pages if needed. You can delete them from the order page.
- Voice samples: kept until you delete them from Account → Voice Sample.
- Generated books (PDF, audiobook): kept indefinitely in your library.
- Payment + invoice records: retained for up to 7 years to meet tax and accounting obligations, even after account deletion.
- Support messages: retained for 2 years after a ticket is closed.
- Analytics and advertising data: retained per each partner’s default policy (typically 14–24 months).
If you delete your account we remove your personal information, child information, and uploaded content within 30 days. Anonymised aggregates (e.g. “how many Dreamer books were created in Q1”) may be retained permanently for reporting purposes.
9. Data Security
We take reasonable measures to protect your information:
- Encryption in transit (TLS/HTTPS) for everything between your browser and our servers, and between our servers and processors.
- Encryption at rest on our database and file storage.
- Per-row access controls (Supabase RLS) so one customer cannot read another customer’s data.
- Per-user namespace on uploaded files.
- Rate limiting, bot detection, and webhook signature verification.
- Regular audits of dependencies and cloud configuration.
No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you and, where required, the relevant authorities, within the timelines mandated by law.
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your personal information (subject to legal obligations such as tax record-keeping).
- Export your data in a portable format.
- Restrict or object to certain processing activities.
- Withdraw consent for analytics, advertising, or marketing at any time.
- Lodge a complaint with your local data-protection authority (e.g. the ICO in the UK, a GDPR supervisory authority in the EEA).
To exercise any of these rights, email hello@storykid.ai. We respond within 30 days (45 in exceptional cases with notice). We may ask you to verify your identity before fulfilling a request.
11. Cookies & Similar Technologies
We use a small number of cookies and similar technologies:
- Strictly necessary — authentication sessions, cart, checkout flows, and a cookie that remembers your cookie-consent choice. These are always on because the site cannot function without them.
- Analytics — Google Analytics 4 sets cookies (_ga, _ga_*) to measure unique visitors and return rates. Only set after you grant consent.
- Advertising — Meta (_fbp), TikTok (_ttp), and Google Ads cookies help measure which ads led to conversions. Only set after you grant consent.
You can change your choice at any time by clearing cookies for storykid.ai, using your browser’s privacy controls, or by contacting us.
12. International Data Transfers
StoryKid is operated from the United States. If you access our services from outside the US, your information will be transferred to, processed in, and stored in the United States and in the data centres of the processors listed above (which may also be in the EU, UK, or other regions depending on the processor).
For transfers from the UK/EEA, we rely on the European Commission’s Standard Contractual Clauses or the EU-U.S. Data Privacy Framework where applicable.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post an update notice on the site and, for registered users, email you at least 14 days before the changes take effect. Your continued use of StoryKid after that date constitutes acceptance.
14. Contact
For questions about this Privacy Policy or to exercise any of the rights above:
Galgomedia LLC
Email: hello@storykid.ai